DETAILED ACTION

This office action is in response to the amendments filed on 10/23/2008. Claims 1-8, 10-19
are pending. Claims 1-8, 10, 13-16, 18 and 19 have been amended. Claim 9 has
been cancelled.

Response to Arguments 

1. Applicant's amendments filed 10/23/2008 have been fully considered but they are
not persuasive.

In response to the Applicant's argument that Afek fails to teach or suggest a
network or method comprising a router for injecting a routing instruction or a second IP
address comprising a routing instruction having a same IP address as a first IP address,
but with a higher preference value than the first IP address and having a community
value, the Examiner disagrees. The Afek et al. reference does disclose a router adapted
to inject a second IP address (server private address) into said ISP VPN network, said
second IP address comprising: the same address as the first IP address ([0257];
wherein second IP address will now be the IP address of the guard machine); a higher
preference value than said first IP address ([0257]; wherein the IP address is given more
priority due to the attack on the destination); and a community value ([0257]; appropriate
update to routing information). This is due to the fact that Afek et al. does disclose a
secondary IP address of the guard machine which is injected or supplied at the time of
potential attack (Afek et al., [0257]) and which therefore, in combination with the Talpade
et al. reference, reads on the Applicant's claim.

The amendments to claims 1-8, 10, 13-16, 18 and 19 did not overcome the
cited reference as detailed in the rejection that follows. The rejection of claims 1-8, 10,
13-16, 18 and 19 is maintained as they do not overcome the cited reference as
detailed in the rejection that follows.



Application/Control Number: 10/782,512 
Art Unit: 2456 






Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1, 3-8, 11-15 and 17-19 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Talpade et al. (U.S. Patent Pub. No. 2004/0148520 A1) in view of
Afek et al. (U.S. Patent Pub. No. 2002/0083175 A1).

As to claim 1, Talpade et al. discloses a network comprising: a plurality of edge
routers (fig. 2, 226, 228); a plurality of core routers (fig. 2, 202, where core routers are
parts of the ISP network, page 2, [0016]) adapted to allow communication between said
plurality of edge routers; a VPN application (fig. 2, 232, analysis engine) in
communication with a first one of said plurality of edge routers (pg. 2, [0017], where the
analysis engine is connected to the border router and edge router), said VPN
application having a first IP address; and discloses a black-hole router ("filter router",
fig. 2, 230) in communication with said core routers.

Talpade does not explicitly disclose the black-hole routers injecting a second IP 
address into the ISP VPN network and said second IP address comprising: the same 
address as the first IP address, a higher preference value than said first IP address and 
a community value such that when said second IP address is injected, a selected first 
number of edge routers direct VPN traffic addressed for said first IP address to said 
VPN application and a selected second number of edge routers direct VPN traffic 
addressed for said first IP address to said black-hole router.

In an analogous art, Afek et al. discloses a black-hole router ("guard machines"
which are similar to the filtering router, fig. 2, G0-G3) in communication with said
plurality of core routers, said black-hole router adapted to inject a second IP
address (server private address) into said ISP VPN network, said second IP address
comprising: the same address as the first IP address ([0257]; wherein second IP
address will now be the IP address of the guard machine); a higher preference value
than said first IP address ([0257]; wherein the IP address is given more priority due to the
attack on the destination); and a community value ([0257]; appropriate update to routing
information) such that when said second IP address is injected ([0257]; wherein the
appropriate update is injected to the border routers), a selected first number of edge
routers direct VPN traffic addressed for said first IP address to said VPN application
([0257], where diverted traffic is directed to the guards which is performing the same
functions as the VPN application) and a selected second number of edge routers direct
VPN traffic addressed for said first IP address to said black-hole router ([0258], where
the internal routers using tunnels redirect traffic to different guard machines).

At the time of the invention, it would have been obvious to a person of ordinary
skill in the art to modify Talpade et al. with Afek et al. to use a black hole router to
inject a secondary IP address of the guard machine to redirect traffic in the network.
The rationale behind this modification is to divert traffic using the secondary IP address
so as to mitigate a DDoS attack.

As to claim 3, Talpade et al. does not disclose the ISP VPN network wherein 
said black-hole router injects said second IP address in response to a Distributed Denial 
of Service (DDoS) attack on said VPN application. 

Afek et al. does disclose the ISP network wherein said black-hole router (guard
machines) injects said second IP address (routing information) in response to a
Distributed Denial of Service (DDoS) attack on said VPN application ([0257]).

As to claim 4, Talpade et al. does not disclose the ISP network wherein said 
community value can be changed in real-time by said black-hole router. 

Afek et al. does disclose the ISP network wherein said community value (routing
information) can be changed in real-time by said black-hole router (guard machines)
(page 11, [0261], where the guards decide when the attack has ended and reverse the
settings previously performed).

As to claim 5, Talpade et al. does not disclose to propagate the injected second 
IP address to said edge routers. 

discloses the ISP network, wherein said ISP network utilizes dynamic routing protocols 
in combination with community-based route filtering to propagate the injected second IP 
address to said edge routers. 

Afek et al. does disclose the ISP network, wherein said ISP network utilizes
dynamic routing protocols (RIP, OSPF, [0258]) in combination with community-based
route filtering (IP address ingress and egress filters, page 11, [0265]) to propagate the
injected second IP address to said edge routers.

As to claim 6, Talpade et al.-Afek et al. discloses the ISP network, wherein said
second number of edge routers directs VPN traffic, addressed for said first IP address,
to said black hole router (filter router), said black hole router is adapted to receive such
traffic as black-holed traffic (DDoS traffic) (Talpade et al., [0032]), said black-hole router
adapted to analyze said black-holed traffic in order to determine a ratio of attack traffic
to legitimate traffic (Talpade et al., [0033], where filter router examines traffic and
removes the DDoS traffic after checking to see if it is legitimate traffic).

As to claim 7, Talpade et al.-Afek et al. discloses the ISP network where the
network comprises at least one route reflector ("traffic filter" which is a part of the
"filter router"), each one of said route reflectors being connected to a different set of
edge routers from said plurality of edge routers, said route reflectors being adapted to
update said edge routers with route instructions, such route instructions including said
injected second address (Talpade et al., [0017], "filter router" advertises this updated
routing information to each border router and edge router).

As to claims 8 and 11, these are methods corresponding to the method in claim
1. Therefore they have been analyzed and rejected based upon system in claim 1.

As to claim 12, Talpade et al.-Afek et al. discloses the method wherein said
injected instruction (routing information) is a Border Gateway Protocol (BGP) routing
instruction (Talpade et al., [0037]).

As to claim 13, this is a method corresponding to system in claim 6. Therefore it 
has been analyzed and rejected based upon system in claim 6. 

As to claim 14, this is a method corresponding to system in claim 7. Therefore it 
has been analyzed and rejected based upon system in claim 7. 

As to claim 15, this is a method corresponding to the method in claim 1.
Therefore it has been analyzed and rejected based upon system in claim 1.

As to claim 17, this is a method corresponding to system in claim 6. Therefore it 
has been analyzed and rejected based upon system in claim 6. 

As to claim 18, this is a method corresponding to system in claim 4. Therefore it 
has been analyzed and rejected based upon system in claim 4. 

As to claim 19, this is a method corresponding to system in claim 7. Therefore it 
has been analyzed and rejected based upon system in claim 7. 

4. Claims 2, 10, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Talpade et al. (U.S. Patent Pub. No. 2004/0148520 A1) in view of Afek et al. (U.S.
Patent Pub. No. 2002/0083175 A1) in further view of Yamauchi (U.S. Patent Pub. No.
2002/0037010 A1).

As to claim 2, Talpade as modified does not disclose an ISP system that is
a Multiprotocol Label Switching Virtual Private Network (MLS VPN).

Yamauchi does disclose a virtual private network that uses Multiprotocol
Label Switching (abstract).

At the time of the invention, it would have been obvious to a person of ordinary
skill in the art to modify Talpade et al. with Yamauchi to use Multiprotocol Label
Switching in a VPN network which is similar to the network taught
by Talpade et al. The rationale behind this modification is that a particular known
technique was recognized as part of the ordinary capabilities of one skilled in the art.

As to claim 10, this is a method corresponding to the method in claim 2. 
Therefore it has been analyzed and rejected based upon system in claim 2. 

As to claim 16, this is a method corresponding to the method in claim 2. 
Therefore it has been analyzed and rejected based upon system in claim 2. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to JOE CHACKO whose telephone number is (571) 270-3318.
The examiner can normally be reached on Monday-Friday 7:30am-5pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Bunjob Jaroenchonwanit, can be reached on 571-272-3913. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300. Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/J. CV 

Examiner, Art Unit 2456 

/Bunjob Jaroenchonwanit/ 

Supervisory Patent Examiner, Art Unit 2456 



